At BSides San Francisco, Larkin Ryder, the interim CISO at Slack, delivered a keynote based on a decade of retrospection, reflection, and prediction.
Ryder broke down her observations on the past ten years of cybersecurity into the following notable categories: malware, data breaches, vulnerabilities, and privacy. “Over the past decade, malware went critical,” she observed, calling out Stuxnet, WannaCry, and NotPetya as the most notable.
Her journey of reflection then moved on to data breaches, where she called Yahoo! “one of my favorite breaches” because of the story of prosecution and conviction. She then referenced the Adult Friend Finder and Ashley Madison breaches as breaches with a different motive. “These breaches were about hackers making a moral judgement, and [the abstraction of] a different type of very personal information,” she noted. “Then there was Target,” which brought to light vendor risk management and made it a critical issue. “We need to establish trust with all our vendors because vendor risk management is so much more critical now than it was in 2010.”
The last decade, said Ryder, saw “vulnerabilities earning names.” The most notorious of those names were Heartbleed (2014), Meltdown and Spectre (2018), and EternalBlue (2017).
Impact
Taking the decade of malware, data breaches, and vulnerabilities into account, Ryder considered the impact it has had and what has changed as a result. Interest in and awareness of cybersecurity are perhaps the biggest consequence, she said. In the Global Risks Report 2020, cybersecurity featured twice in the list of top 10 global risks: cyberattacks on infrastructure came in at number five, and cyberattacks involving theft of money or data came in at number eight.